Random PC crashes


Hello

I have a problem that I have been struggling with for a long time. I have no idea whether it is caused by viruses or by hardware. I already tried to solve it on this forum a few months ago; there was some improvement for a while then, but now it is worse than ever. See link http://www.pc-helpforum.be/f186/pc-crasht-alles-bevriest-45244/

A similar problem may also have everything to do with it: http://www.pc-helpforum.be/f111/pc-start-vanzelf-terug-op-51673/

A forum member with a problem that looks very, very much like mine and is still ongoing is here: http://www.pc-helpforum.be/f163/random-vastlopers-van-mijn-pc-51044/

The problem is as follows:

- My PC fails at unpredictable moments. The screen stays frozen, but the mouse and keyboard no longer respond; the only thing I can do is switch the PC off manually and turn it back on.

- This usually happens fairly soon after startup, or sometimes even during startup. Sometimes I am already connected to the internet, sometimes not even that and no program has been started yet. This can repeat dozens of times in a row, in both normal and safe mode, although it happens less often there. Once I notice after a few minutes that everything keeps working, I know for certain that the PC will give no problems at all until I turn it off hours later. The next startup can cause problems again.

- I have no idea whether it is a virus or hardware. If I run Combofix (sometimes a few attempts are needed because it can freeze during the scan), the PC works for the rest of the day. Two weeks ago I suddenly found a mass (about ten) of viruses with the regular virus scanner, Combofix and MBAM, mainly located in Java and C:/Recycler. Suddenly my firewall and virus scanner were also switched off and could not be turned back on; I had to try all sorts of things before that was in order again. So something was busy creating an opening. For a while now I have found nothing, but the problem remains.

I removed Java and installed the latest version.

TDSS killer finds nothing, MBAM nothing, Spybot nothing, Microsoft Essentials nothing, and via Speccy I am fairly sure that everything is at the right temperature.

My Hijack log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:07:51, on 26/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Afmelden voor advertentiecookie - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--

End of file - 6339 bytes

Latest Combofix log:

ComboFix 12-12-22.02 - Jonas 26/12/2012 13:11:51.24.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2046.1765 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Jonas\Bureaublad\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-26 to 2012-12-26 ))))))))))))))))))))))))))))))

.

.

2012-12-26 12:01 . 2012-12-26 12:01 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2012-12-26 11:57 . 2012-12-26 11:57 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7C42F88-9C58-4979-9FB6-E1CD26E3103D}\offreg.dll

2012-12-26 11:57 . 2012-12-26 11:57 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7C42F88-9C58-4979-9FB6-E1CD26E3103D}\MpKslbe20545e.sys

2012-12-25 12:32 . 2012-12-25 12:32 -------- d--h--r- c:\documents and settings\Jonas\Onlangs geopend

2012-12-25 09:34 . 2012-11-08 09:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7C42F88-9C58-4979-9FB6-E1CD26E3103D}\mpengine.dll

2012-12-23 10:14 . 2012-11-08 09:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-22 15:32 . 2012-12-22 15:32 -------- d-----w- c:\program files\Common Files\Java

2012-12-22 15:31 . 2012-12-22 15:31 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-12-22 15:31 . 2012-12-22 15:31 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-22 15:31 . 2012-12-22 15:31 -------- d-----w- c:\program files\Java

2012-12-22 15:28 . 2012-12-22 15:29 -------- d-----w- c:\program files\Microsoft Security Client

2012-12-07 15:57 . 2008-06-20 11:59 361600 -c--a-w- c:\windows\system32\dllcache\tcpip.sys

2012-12-07 15:57 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-28 17:34 . 2012-11-28 17:34 -------- d-----w- c:\documents and settings\Jonas\Application Data\TeamViewer

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-22 15:31 . 2012-05-03 19:43 859072 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-22 15:31 . 2012-05-03 19:43 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-16 12:23 . 2008-04-15 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 11:55 . 2008-04-15 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:03 . 2008-04-15 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:12 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:12 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:12 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 18:54 . 2011-04-20 10:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-29 08:26 . 2012-12-13 17:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-4-17 2326528]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mnyfunua.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jonas^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Jonas\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 15:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 MpKslbe20545e;MpKslbe20545e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7C42F88-9C58-4979-9FB6-E1CD26E3103D}\MpKslbe20545e.sys [26/12/2012 12:57 29904]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 13:13 38144]

S2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 10:18 202016]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [25/02/2012 23:17 25888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 15:02 287232]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NETSVCS VEREIST REPARATIES - huidige waarden worden getoond

.

Rebuilding ... You need to reboot your machine for this to take effect.

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:39]

.

2012-12-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-12-03 13:31]

.

2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-12-03 13:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Jonas\Application Data\Mozilla\Firefox\Profiles\rf2gctus.default\

FF - ExtSQL: !HIDDEN! 2010-02-23 00:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-26 13:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-492894223-1417001333-1004\Software\SecuROM\License information*]

"datasecu"=hex:88,2b,83,a5,ca,bc,3f,27,59,bc,9a,e3,12,db,63,e6,d0,79,55,f1,b5,

76,8b,37,6a,7b,f7,2a,08,c5,26,ae,80,5c,04,91,f1,49,99,59,ed,b3,27,17,2b,03,\

"rkeysecu"=hex:40,a0,1a,ce,7b,8c,bc,ef,40,02,47,c8,89,e7,9a,09

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(204)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-12-26 13:20:41

ComboFix-quarantined-files.txt 2012-12-26 12:20

ComboFix2.txt 2012-12-23 10:13

ComboFix3.txt 2012-12-23 09:42

ComboFix4.txt 2012-12-16 11:03

ComboFix5.txt 2012-12-26 12:05

.

Pre-Run: 148.873.793.536 bytes beschikbaar

Post-Run: 148.875.956.224 bytes beschikbaar

.

- - End Of File - - 2F3CAC9DDF57EE58D1950C8912CEE0F0

- - - Updated - - -

For some reason my post was posted twice, so the other topic can be removed.

Something else I forgot that is not unimportant: when scanning with Combofix, it finds a Zero Access rootkit every single time. Screenshot of the problem: [image]

No matter how often I scan, it keeps reporting this. No other scanner finds it.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Yes" ("Ja").
  • When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
  • Select the "Deep" ("Diep") option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
  • You can close the window with the warning about an increased risk when the scan is finished.
  • Make sure all items found are ticked and then press the "Remove selected" ("verwijder geselecteerde") button; you will then get the following message, but click "Yes" ("Ja") here.
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  • Then place the contents of this LOG file in your next post.
  • Now restart the computer.


Unfortunately nothing found.

The log is

Emsisoft Emergency Kit - Versie 3.0

Laatste Update: 27/12/2012 14:08:24

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\

Detecteer riskware: Uit

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 27/12/2012 14:08:57

Gescand 419355

Gevonden 0

Scan geëindigd: 27/12/2012 15:29:12

Scantijd: 1:20:15


Download and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


TDSS has not found anything since February.

Yesterday I worked on the PC all day without problems; today I have already had to restart it 3 times, and I am now posting this from safe mode because the chance of a crash is slightly smaller there.

10:46:40.0386 0788 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

10:46:40.0526 0788 ============================================================

10:46:40.0526 0788 Current date / time: 2012/12/28 10:46:40.0526

10:46:40.0526 0788 SystemInfo:

10:46:40.0526 0788

10:46:40.0526 0788 OS Version: 5.1.2600 ServicePack: 3.0

10:46:40.0526 0788 Product type: Workstation

10:46:40.0526 0788 ComputerName: KOOYMAN-7017FEA

10:46:40.0526 0788 UserName: Jonas

10:46:40.0526 0788 Windows directory: C:\WINDOWS

10:46:40.0526 0788 System windows directory: C:\WINDOWS

10:46:40.0526 0788 Processor architecture: Intel x86

10:46:40.0526 0788 Number of processors: 2

10:46:40.0526 0788 Page size: 0x1000

10:46:40.0526 0788 Boot type: Normal boot

10:46:40.0526 0788 ============================================================

10:46:42.0589 0788 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:46:42.0589 0788 ============================================================

10:46:42.0589 0788 \Device\Harddisk0\DR0:

10:46:42.0605 0788 MBR partitions:

10:46:42.0605 0788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681

10:46:42.0605 0788 ============================================================

10:46:42.0636 0788 C: <-> \Device\Harddisk0\DR0\Partition1

10:46:42.0730 0788 ============================================================

10:46:42.0730 0788 Initialize success

10:46:42.0730 0788 ============================================================

10:46:44.0198 3792 ============================================================

10:46:44.0198 3792 Scan started

10:46:44.0198 3792 Mode: Manual;

10:46:44.0198 3792 ============================================================

10:46:44.0901 3792 ================ Scan system memory ========================

10:46:44.0917 3792 System memory - ok

10:46:44.0917 3792 ================ Scan services =============================


10:46:47.0183 3792 FltMgr - ok

10:46:47.0261 3792 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

10:46:47.0261 3792 FontCache3.0.0.0 - ok

10:46:47.0261 3792 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:46:47.0261 3792 Fs_Rec - ok

10:46:47.0276 3792 [ FA8CA22E70245C81FF29C36AF56292FC ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:46:47.0276 3792 Ftdisk - ok

10:46:47.0276 3792 ftsata2 - ok

10:46:47.0308 3792 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys

10:46:48.0026 3792 gdrv - ok

10:46:48.0058 3792 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:46:48.0058 3792 Gpc - ok

10:46:48.0214 3792 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

10:46:48.0261 3792 gupdate - ok

10:46:48.0292 3792 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

10:46:48.0292 3792 gupdatem - ok

10:46:48.0292 3792 gv3 - ok

10:46:48.0308 3792 GV600_4 - ok

10:46:48.0370 3792 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:46:48.0386 3792 HDAudBus - ok

10:46:48.0448 3792 helpsvc - ok

10:46:48.0448 3792 HidServ - ok

10:46:48.0526 3792 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:46:48.0573 3792 HidUsb - ok

10:46:48.0620 3792 [ 9396F6160B8CB8769AEC41B5B1EF35D5 ] hitmanpro35 C:\WINDOWS\system32\drivers\hitmanpro36.sys

10:46:48.0620 3792 hitmanpro35 - ok

10:46:48.0651 3792 [ 1FF903FFA2DA1704E5A5443D37D8E49E ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

10:46:48.0651 3792 hkmsvc - ok

10:46:48.0651 3792 hpn - ok

10:46:48.0651 3792 HSFHWALI - ok

10:46:48.0698 3792 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

10:46:48.0698 3792 HTTP - ok

10:46:48.0745 3792 [ 2529C7BA05242BEED0027F554D0513BB ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

10:46:48.0745 3792 HTTPFilter - ok

10:46:48.0745 3792 i2omgmt - ok

10:46:48.0761 3792 i2omp - ok

10:46:48.0761 3792 [ C43372D0682F8E32E4EC21117E089EC0 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:46:48.0776 3792 i8042prt - ok

10:46:48.0823 3792 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:46:48.0839 3792 idsvc - ok

10:46:48.0839 3792 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

10:46:48.0839 3792 Imapi - ok

10:46:48.0886 3792 [ A117772F94C854DE5D1BBC1F1962B192 ] ImapiService C:\WINDOWS\system32\imapi.exe

10:46:48.0886 3792 ImapiService - ok

10:46:48.0886 3792 ini910u - ok

10:46:49.0026 3792 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

10:46:49.0058 3792 IntcAzAudAddService - ok

10:46:49.0058 3792 IntelIde - ok

10:46:49.0073 3792 [ 2D2254FAC267E6B1C7865E8EBEF60C6D ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:46:49.0073 3792 intelppm - ok

10:46:49.0073 3792 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

10:46:49.0073 3792 Ip6Fw - ok

10:46:49.0105 3792 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:46:49.0105 3792 IpFilterDriver - ok

10:46:49.0105 3792 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:46:49.0105 3792 IpInIp - ok

10:46:49.0105 3792 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:46:49.0105 3792 IpNat - ok

10:46:49.0120 3792 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:46:49.0120 3792 IPSec - ok

10:46:49.0136 3792 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

10:46:49.0136 3792 IRENUM - ok

10:46:49.0167 3792 [ 0B78E1A31340E1FB1E389D5633F7C3A0 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:46:49.0167 3792 isapnp - ok

10:46:49.0183 3792 ispwdsvc - ok

10:46:49.0183 3792 iviregmgr - ok

10:46:49.0308 3792 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

10:46:49.0323 3792 JavaQuickStarterService - ok

10:46:49.0323 3792 [ 380397621E94B32C744E7B2CC1330390 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:46:49.0323 3792 Kbdclass - ok

10:46:49.0339 3792 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

10:46:49.0339 3792 kmixer - ok

10:46:49.0339 3792 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

10:46:49.0339 3792 KSecDD - ok

10:46:49.0386 3792 [ C7955E7EDAEA462D04F1C4BE1D340372 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

10:46:49.0386 3792 LanmanServer - ok

10:46:49.0401 3792 [ A936A575EAF6DCE8DC08BC0C53972ADD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

10:46:49.0417 3792 lanmanworkstation - ok

10:46:49.0448 3792 Lavasoft Kernexplorer - ok

10:46:49.0448 3792 Lbd - ok

10:46:49.0464 3792 lbrtfdc - ok

10:46:49.0511 3792 [ 91AE20C5C2776C511994AA1308C05283 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

10:46:49.0511 3792 LmHosts - ok

10:46:49.0526 3792 [ C56A45A03DCA11712DE9FDF98224230B ] Messenger C:\WINDOWS\System32\msgsvc.dll

10:46:49.0542 3792 Messenger - ok

10:46:49.0573 3792 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

10:46:49.0573 3792 mnmdd - ok

10:46:49.0605 3792 [ 5B1D994DCF1895AFA27600E46A2F0FEA ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

10:46:49.0605 3792 mnmsrvc - ok

10:46:49.0620 3792 [ 8114EEAC353F549331AB73E9AF4219ED ] Modem C:\WINDOWS\system32\drivers\Modem.sys

10:46:49.0620 3792 Modem - ok

10:46:49.0651 3792 [ 1A4E2214DD63E4A876463D3427EE8261 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:46:49.0651 3792 Mouclass - ok

10:46:49.0698 3792 [ 18017899254E01371E1A39754D6BF98C ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:46:49.0698 3792 mouhid - ok

10:46:49.0698 3792 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

10:46:49.0698 3792 MountMgr - ok

10:46:49.0792 3792 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

10:46:49.0792 3792 MozillaMaintenance - ok

10:46:49.0823 3792 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

10:46:49.0823 3792 MpFilter - ok

10:46:49.0933 3792 [ A69630D039C38018689190234F866D77 ] MpKslcf99fa6b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{940E57C2-1531-4228-968A-55C880235B52}\MpKslcf99fa6b.sys

10:46:49.0933 3792 MpKslcf99fa6b - ok

10:46:49.0948 3792 mraid35x - ok

10:46:49.0948 3792 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:46:49.0948 3792 MRxDAV - ok

10:46:49.0995 3792 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:46:49.0995 3792 MRxSmb - ok

10:46:50.0011 3792 MS1000 - ok

10:46:50.0026 3792 [ 21EA21984D7D1AD50DB2E627020AB14C ] MSDTC C:\WINDOWS\system32\msdtc.exe

10:46:50.0042 3792 MSDTC - ok

10:46:50.0042 3792 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

10:46:50.0042 3792 Msfs - ok

10:46:50.0042 3792 MSIServer - ok

10:46:50.0042 3792 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:46:50.0058 3792 MSKSSRV - ok

10:46:50.0058 3792 msloop - ok

10:46:50.0136 3792 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

10:46:50.0136 3792 MsMpSvc - ok

10:46:50.0167 3792 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:46:50.0167 3792 MSPCLOCK - ok

10:46:50.0167 3792 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

10:46:50.0167 3792 MSPQM - ok

10:46:50.0214 3792 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:46:50.0214 3792 mssmbios - ok

10:46:50.0230 3792 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

10:46:50.0230 3792 Mup - ok

10:46:50.0245 3792 [ 87E394C810794D3C70CF22E8316CB23E ] napagent C:\WINDOWS\System32\qagentrt.dll

10:46:50.0261 3792 napagent - ok

10:46:50.0355 3792 [ 89844C3D3A7AAE8999E229C88E452633 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

10:46:50.0370 3792 NBService - ok

10:46:50.0401 3792 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

10:46:50.0401 3792 NDIS - ok

10:46:50.0448 3792 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:46:50.0448 3792 NdisTapi - ok

10:46:50.0480 3792 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:46:50.0480 3792 Ndisuio - ok

10:46:50.0495 3792 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:46:50.0495 3792 NdisWan - ok

10:46:50.0511 3792 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

10:46:50.0511 3792 NDProxy - ok

10:46:50.0558 3792 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

10:46:50.0558 3792 NetBIOS - ok

10:46:50.0573 3792 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

10:46:50.0573 3792 NetBT - ok

10:46:50.0589 3792 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDE C:\WINDOWS\system32\netdde.exe

10:46:50.0589 3792 NetDDE - ok

10:46:50.0605 3792 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

10:46:50.0605 3792 NetDDEdsdm - ok

10:46:50.0636 3792 [ 8754210A3399D19610CE2D71E0C3E5D9 ] Netlogon C:\WINDOWS\system32\lsass.exe

10:46:50.0636 3792 Netlogon - ok

10:46:50.0651 3792 [ 5431FB616ECAE0D587C5B97D0B86CBD8 ] Netman C:\WINDOWS\System32\netman.dll

10:46:50.0651 3792 Netman - ok

10:46:50.0667 3792 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:46:50.0667 3792 NetTcpPortSharing - ok

10:46:50.0714 3792 [ 4522CBE00A9E9EEE36AA82ED4B319148 ] Nla C:\WINDOWS\System32\mswsock.dll

10:46:50.0714 3792 Nla - ok

10:46:50.0823 3792 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

10:46:51.0089 3792 NMIndexingService - ok

10:46:51.0105 3792 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

10:46:51.0105 3792 Npfs - ok

10:46:51.0151 3792 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

10:46:51.0167 3792 Ntfs - ok

10:46:51.0183 3792 [ 8754210A3399D19610CE2D71E0C3E5D9 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

10:46:51.0183 3792 NtLmSsp - ok

10:46:51.0214 3792 [ AC1A78237B53044735693633F8235468 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

10:46:51.0214 3792 NtmsSvc - ok

10:46:51.0230 3792 ntuneservice - ok

10:46:51.0245 3792 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

10:46:51.0245 3792 Null - ok

10:46:51.0308 3792 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:46:51.0308 3792 NwlnkFlt - ok

10:46:51.0308 3792 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:46:51.0308 3792 NwlnkFwd - ok

10:46:51.0308 3792 omsad - ok

10:46:51.0308 3792 oracledbconsoleorcl - ok

10:46:51.0323 3792 oracleorahomepagingserver - ok

10:46:51.0323 3792 orbmediaservice - ok

10:46:51.0323 3792 p1110vid - ok

10:46:51.0355 3792 [ B2FCE3DF242EAAA317FA2E4946D26A03 ] papycpu2 C:\WINDOWS\system32\drivers\papycpu2.sys

10:46:51.0386 3792 papycpu2 - ok

10:46:51.0401 3792 [ E3934CCC20A4D24F1924E13D36D2A5BD ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

10:46:51.0401 3792 Parport - ok

10:46:51.0417 3792 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

10:46:51.0417 3792 PartMgr - ok

10:46:51.0464 3792 [ 1EADE28746A64C21E0A808BB12A63326 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

10:46:51.0464 3792 ParVdm - ok

10:46:51.0480 3792 [ 3B166F9F753C21AEDAA9A6BD76B49655 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

10:46:51.0480 3792 PCI - ok

10:46:51.0495 3792 PCIDump - ok

10:46:51.0495 3792 [ B31EDEBA4DA28283F6B8DC4756FB9585 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

10:46:51.0495 3792 PCIIde - ok

10:46:51.0511 3792 [ 2137FFD65F8E609A3A5ACD487C56CCE0 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

10:46:51.0511 3792 Pcmcia - ok

10:46:51.0511 3792 pctavsvc - ok

10:46:51.0511 3792 PDCOMP - ok

10:46:51.0526 3792 PDExchange - ok

10:46:51.0526 3792 PDFRAME - ok

10:46:51.0526 3792 pdlncbas - ok

10:46:51.0526 3792 PDRELI - ok

10:46:51.0542 3792 PDRFRAME - ok

10:46:51.0542 3792 perc2 - ok

10:46:51.0542 3792 perc2hib - ok

10:46:51.0573 3792 [ 657B69389B893F440B07590C9E963F23 ] PlugPlay C:\WINDOWS\system32\services.exe

10:46:51.0573 3792 PlugPlay - ok

10:46:51.0573 3792 [ 8754210A3399D19610CE2D71E0C3E5D9 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

10:46:51.0573 3792 PolicyAgent - ok

10:46:51.0589 3792 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:46:51.0589 3792 PptpMiniport - ok

10:46:51.0589 3792 [ 8754210A3399D19610CE2D71E0C3E5D9 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

10:46:51.0589 3792 ProtectedStorage - ok

10:46:51.0589 3792 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

10:46:51.0589 3792 PSched - ok

10:46:51.0605 3792 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:46:51.0605 3792 Ptilink - ok

10:46:51.0651 3792 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:46:51.0651 3792 PxHelp20 - ok

10:46:51.0651 3792 ql1080 - ok

10:46:51.0651 3792 Ql10wnt - ok

10:46:51.0667 3792 ql12160 - ok

10:46:51.0667 3792 ql1240 - ok

10:46:51.0667 3792 ql1280 - ok

10:46:51.0683 3792 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:46:51.0683 3792 RasAcd - ok

10:46:51.0698 3792 [ 0575D034B1292CA3A9BB9F67A8EE289C ] RasAuto C:\WINDOWS\System32\rasauto.dll

10:46:51.0714 3792 RasAuto - ok

10:46:51.0730 3792 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:46:51.0730 3792 Rasl2tp - ok

10:46:51.0745 3792 [ 9E7E2DF6971A5F00102BE3F901CC3BDC ] RasMan C:\WINDOWS\System32\rasmans.dll

10:46:51.0745 3792 RasMan - ok

10:46:51.0745 3792 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:46:51.0745 3792 RasPppoe - ok

10:46:51.0761 3792 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

10:46:51.0761 3792 Raspti - ok

10:46:51.0776 3792 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:46:51.0776 3792 Rdbss - ok

10:46:51.0776 3792 RDID1027 - ok

10:46:51.0776 3792 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:46:51.0776 3792 RDPCDD - ok

10:46:51.0839 3792 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

10:46:51.0839 3792 RDPWD - ok

10:46:51.0886 3792 [ EA9FDF71D696B532BDC44C8BFF03A737 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

10:46:51.0886 3792 RDSessMgr - ok

10:46:51.0917 3792 [ 4173BC66E485FD77A03C4819F60BD0DA ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

10:46:51.0917 3792 redbook - ok

10:46:51.0933 3792 [ 4007ABF5D9BF0E55451D775443D1F985 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

10:46:51.0933 3792 RemoteAccess - ok

10:46:51.0933 3792 roxupnpserver - ok

10:46:51.0948 3792 [ BE078F8F7EC2491EFDD79A53353A060F ] RpcLocator C:\WINDOWS\system32\locator.exe

10:46:51.0948 3792 RpcLocator - ok

10:46:51.0980 3792 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] RpcSs C:\WINDOWS\System32\rpcss.dll

10:46:51.0980 3792 RpcSs - ok

10:46:51.0995 3792 RR2Mjpeg - ok

10:46:52.0011 3792 [ AD1B5F1B99FFF08C99F443D784711A81 ] RSVP C:\WINDOWS\system32\rsvp.exe

10:46:52.0011 3792 RSVP - ok

10:46:52.0026 3792 rt2870 - ok

10:46:52.0026 3792 rtl8139 - ok

10:46:52.0089 3792 [ 60AECD4284317784111716BB88342F46 ] RTL8187B C:\WINDOWS\system32\DRIVERS\wg111v3.sys

10:46:52.0089 3792 RTL8187B - ok

10:46:52.0136 3792 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

10:46:52.0136 3792 RTLE8023xp - ok

10:46:52.0136 3792 s3savagenb - ok

10:46:52.0151 3792 sagefserver - ok

10:46:52.0151 3792 [ 8754210A3399D19610CE2D71E0C3E5D9 ] SamSs C:\WINDOWS\system32\lsass.exe

10:46:52.0151 3792 SamSs - ok

10:46:52.0183 3792 [ 1B4CD62174E907C7EF8EC5D4D0A2A616 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

10:46:52.0183 3792 SCardSvr - ok

10:46:52.0230 3792 [ 7C288AE0F75CB18CFF1DF6179A67AD8F ] Schedule C:\WINDOWS\system32\schedsvc.dll

10:46:52.0230 3792 Schedule - ok

10:46:52.0230 3792 SeaPort - ok

10:46:52.0245 3792 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:46:52.0245 3792 Secdrv - ok

10:46:52.0292 3792 [ 6983665BEA867125B1DA5757CD8B2F9D ] seclogon C:\WINDOWS\System32\seclogon.dll

10:46:52.0292 3792 seclogon - ok

10:46:52.0292 3792 [ F6EC8F1E50E40237BDDEE1CB7FE20B42 ] SENS C:\WINDOWS\system32\sens.dll

10:46:52.0292 3792 SENS - ok

10:46:52.0292 3792 ser2pl - ok

10:46:52.0308 3792 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

10:46:52.0308 3792 serenum - ok

10:46:52.0308 3792 [ 92C21762653BB2CE51147EB8A9AA654F ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

10:46:52.0308 3792 Serial - ok

10:46:52.0339 3792 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

10:46:52.0339 3792 Sfloppy - ok

10:46:52.0339 3792 [ 7579C4BE909D47F10F3D8D801CB13ED9 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

10:46:52.0355 3792 SharedAccess - ok

10:46:52.0370 3792 [ 2D5D4156292150FE571872C1B88E9299 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

10:46:52.0370 3792 ShellHWDetection - ok

10:46:52.0370 3792 sifilter - ok

10:46:52.0386 3792 Simbad - ok

10:46:52.0386 3792 Sparrow - ok

10:46:52.0401 3792 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

10:46:52.0401 3792 splitter - ok

10:46:52.0417 3792 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

10:46:52.0417 3792 Spooler - ok

10:46:52.0495 3792 sprtsvc_belgacom - ok

10:46:52.0495 3792 SQLAgent$LG_LP2 - ok

10:46:52.0526 3792 [ 64D2A7640E0767ECD3BCB38D3200E7CE ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

10:46:52.0526 3792 sr - ok

10:46:52.0526 3792 [ 81CBF363C414620CAA61BD6843D8FDB9 ] srservice C:\WINDOWS\system32\srsvc.dll

10:46:52.0542 3792 srservice - ok

10:46:52.0573 3792 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

10:46:52.0573 3792 Srv - ok

10:46:52.0605 3792 [ 5B9D0DE64BE96A806819516440FD211C ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

10:46:52.0605 3792 SSDPSRV - ok

10:46:52.0620 3792 SSPORT - ok

10:46:52.0620 3792 stacsv - ok

10:46:52.0620 3792 stirusb - ok

10:46:52.0667 3792 [ 5AE996186D2DC694FEF88F14A3FC9242 ] stisvc C:\WINDOWS\system32\wiaservc.dll

10:46:52.0683 3792 stisvc - ok

10:46:52.0745 3792 [ 9A97B7024E2CA4D42046BF272997E14C ] SupportSoft RemoteAssist C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

10:46:52.0901 3792 SupportSoft RemoteAssist - ok

10:46:52.0901 3792 surveyor - ok

10:46:52.0901 3792 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

10:46:52.0901 3792 swenum - ok

10:46:52.0917 3792 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

10:46:52.0917 3792 swmidi - ok

10:46:52.0933 3792 SwPrv - ok

10:46:52.0933 3792 symc810 - ok

10:46:52.0933 3792 symc8xx - ok

10:46:52.0933 3792 symmpi - ok

10:46:52.0948 3792 sym_hi - ok

10:46:52.0948 3792 sym_u3 - ok

10:46:52.0948 3792 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

10:46:52.0964 3792 sysaudio - ok

10:46:52.0980 3792 [ 251EAE7C56C6AB9490311A3C9757E18D ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

10:46:52.0980 3792 SysmonLog - ok

10:46:53.0011 3792 [ 2BC9FB448F0C2394FF53C83A7BB04731 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

10:46:53.0011 3792 TapiSrv - ok

10:46:53.0058 3792 [ AD978A1B783B5719720CFF204B666C8E ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:46:53.0073 3792 Tcpip - ok

10:46:53.0089 3792 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

10:46:53.0105 3792 TDPIPE - ok

10:46:53.0105 3792 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

10:46:53.0105 3792 TDTCP - ok

10:46:53.0120 3792 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

10:46:53.0120 3792 TermDD - ok

10:46:53.0151 3792 [ E0AEF86A594C9990D6321C5CA239C5B7 ] TermService C:\WINDOWS\System32\termsrv.dll

10:46:53.0151 3792 TermService - ok

10:46:53.0167 3792 [ 2D5D4156292150FE571872C1B88E9299 ] Themes C:\WINDOWS\System32\shsvcs.dll

10:46:53.0167 3792 Themes - ok

10:46:53.0167 3792 tones - ok

10:46:53.0167 3792 TosIde - ok

10:46:53.0183 3792 [ 20655E8CA1C78BC7088B18E93806D21B ] TrkWks C:\WINDOWS\system32\trkwks.dll

10:46:53.0198 3792 TrkWks - ok

10:46:53.0214 3792 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

10:46:53.0214 3792 Udfs - ok

10:46:53.0214 3792 ultra - ok

10:46:53.0230 3792 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe

10:46:53.0230 3792 UMWdf - ok

10:46:53.0292 3792 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

10:46:53.0292 3792 Update - ok

10:46:53.0323 3792 [ 01653D6C9604F1FB31A76EC94E08954F ] upnphost C:\WINDOWS\System32\upnphost.dll

10:46:53.0323 3792 upnphost - ok

10:46:53.0339 3792 [ A89796DD0DE24CF03B3A39407E1F46A3 ] UPS C:\WINDOWS\System32\ups.exe

10:46:53.0339 3792 UPS - ok

10:46:53.0370 3792 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:46:53.0370 3792 usbehci - ok

10:46:53.0417 3792 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:46:53.0417 3792 usbhub - ok

10:46:53.0448 3792 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:46:53.0448 3792 usbprint - ok

10:46:53.0480 3792 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:46:53.0480 3792 USBSTOR - ok

10:46:53.0495 3792 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:46:53.0511 3792 usbuhci - ok

10:46:53.0511 3792 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

10:46:53.0511 3792 VgaSave - ok

10:46:53.0511 3792 ViaIde - ok

10:46:53.0589 3792 [ 8AB662B3C4691E6DDF61C96BB5B7D103 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

10:46:53.0589 3792 VolSnap - ok

10:46:53.0605 3792 vrmonsvc - ok

10:46:53.0636 3792 [ A585EDD6965B301DE8A45C6768C7C215 ] VSS C:\WINDOWS\System32\vssvc.exe

10:46:53.0636 3792 VSS - ok

10:46:53.0683 3792 [ 390D8E65F362327AD510B08971478301 ] W32Time C:\WINDOWS\system32\w32time.dll

10:46:53.0698 3792 W32Time - ok

10:46:53.0730 3792 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:46:53.0730 3792 Wanarp - ok

10:46:53.0761 3792 [ 849F89B23FF0841C9FE7939362F14348 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

10:46:53.0761 3792 wceusbsh - ok

10:46:53.0761 3792 WDICA - ok

10:46:53.0792 3792 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

10:46:53.0792 3792 wdmaud - ok

10:46:53.0792 3792 [ 33D8E2812054D97A0AEC9B8F04277927 ] WebClient C:\WINDOWS\System32\webclnt.dll

10:46:53.0808 3792 WebClient - ok

10:46:53.0886 3792 [ F9E105F369C18E4001E0C05AAF600D73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

10:46:53.0886 3792 winmgmt - ok

10:46:53.0886 3792 winproxy - ok

10:46:53.0917 3792 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

10:46:53.0917 3792 WmdmPmSN - ok

10:46:53.0933 3792 [ 87F11D161207C7063EDABAC0AADC33C3 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:46:53.0933 3792 WmiApSrv - ok

10:46:53.0933 3792 WNIPROT5 - ok

10:46:53.0948 3792 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys

10:46:53.0948 3792 WpdUsb - ok

10:46:53.0980 3792 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:46:53.0980 3792 WS2IFSL - ok

10:46:54.0042 3792 [ 843F7FA8EA38E6A4262976DCC994C81A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

10:46:54.0042 3792 wscsvc - ok

10:46:54.0073 3792 [ 1E8FDDDEF3FE260BADAB06DAE10D753A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

10:46:54.0089 3792 wuauserv - ok

10:46:54.0089 3792 WUSB54Gv4SVC - ok

10:46:54.0105 3792 [ E99782DBB8FFA2AEE72B31DAC8D8D887 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

10:46:54.0105 3792 WZCSVC - ok

10:46:54.0151 3792 [ FD3C38635808920F8235BF2FED642F54 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

10:46:54.0167 3792 xmlprov - ok

10:46:54.0167 3792 zd1211u(zydas) - ok

10:46:54.0167 3792 ZSMC301b - ok

10:46:54.0183 3792 ZSMC303 - ok

10:46:54.0183 3792 ================ Scan global ===============================

10:46:54.0214 3792 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll

10:46:54.0261 3792 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll

10:46:54.0276 3792 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll

10:46:54.0276 3792 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe

10:46:54.0276 3792 [Global] - ok

10:46:54.0276 3792 ================ Scan MBR ==================================

10:46:54.0292 3792 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0

10:46:54.0448 3792 \Device\Harddisk0\DR0 - ok

10:46:54.0448 3792 ================ Scan VBR ==================================

10:46:54.0464 3792 [ 34A8B8B0754035B6C0EFAACB7D73ACFD ] \Device\Harddisk0\DR0\Partition1

10:46:54.0464 3792 \Device\Harddisk0\DR0\Partition1 - ok

10:46:54.0464 3792 ============================================================

10:46:54.0464 3792 Scan finished

10:46:54.0464 3792 ============================================================

10:46:54.0480 3504 Detected object count: 0

10:46:54.0480 3504 Actual detected object count: 0

10:47:03.0870 4072 Deinitialize success


Download rkill to your desktop via one of the links below.

Double-click "rkill" to start it.

This may take a little while.

If you get a warning that rkill is an infection, you can ignore it; it is a false alarm.

If you keep having trouble with warnings, download a renamed version of rkill here (iExplorer.exe) to your desktop and run it.

Note!!! Do not restart the computer after using rkill.


Done, rkill log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)

Bleeping Computer - Technical Support and Computer Help

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

RKill - What it does and What it Doesn't - A brief introduction to the program

Program started at: 12/28/2012 04:02:27 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!

* HKCU\SOFTWARE\Classes\.bat has been deleted!

* HKCU\SOFTWARE\Classes\.com "@" exists and is set to ComFile!

* HKCU\SOFTWARE\Classes\.com has been deleted!

* HKCU\SOFTWARE\Classes\ComFile has been deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

* helpsvc => %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/28/2012 04:02:53 PM

Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)
